October 3, 2023

VMware has confirmed a recently patched critical command injection vulnerability affecting its Aria Operations for Networks tool is being exploited in the wild.

A PoC of an exploitation was published on GitHub and five days after researchers reported observing attempts to utilize the PoC code. The exploited vulnerability is one of three high-severity vulnerabilities VMware disclosed on June 7. Tracked as CVE-2023-20887, the command injection vulnerability has a CVSS score of 9.8 and opens the door to an attacker to execute code remotely on targeted systems.

The Aria Operations for Networks monitoring tool is used to provide network visibility and analytics to accelerate micro-segmentation security, minimize risk during application migration, optimize network performance and confidently manage and scale VMware NSX, VMware SD-WAN, and Kubernetes deployments.


VMware advised customers to apply them in a timely manner to protect their environment but said it was not aware of any of the vulnerabilities being exploited. But recently updated the advisory confirming the exploitation has occurred in wild.

The instructions of patching for all versions of the Aria Operations for Networks tool at risk from the vulnerability can be found on VMware’s Customer Connect website.

Leave a Reply

%d bloggers like this: